CVE-2020-37220

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published May 13, 2026

Vendor unknown

Description

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router.

References

https://www.exploit-db.com/exploits/48310
https://www.vulncheck.com/advisories/huawei-hg630-v2-router-authentication-bypass-via-serial-number
https://www.youtube.com/watch?v=vOrIL7L_cVc